Viber’s online help desk sacked by pro-Syrian hackers

The online helpdesk for Viber, an instant-messaging and VoIP service, was defaced by pro-Syrian hackers who claimed to have accessed e-mail addresses, phone numbers, and other personal information belonging to the company's users and employees.

The defaced page bore a blue banner that read "Hacked by the Syrian Electronic Army," a reference to the hacking crew that regularly breaches online accounts in the name of Syrian President Bashar al-Assad. In recent months, the group has accessed Twitter or website accounts belonging to the Financial Times, the Associated Press, The Guardian, the BBC, and Al Jazeera, to name just a few. More recently, it has reportedly breached accounts belonging to chat app developer Tango and the online news portal Daily Dot.

"We weren't able to hack all Viber systems, but most of it is designed for spying and tracking," the SEA wrote of the Israel-based company on its support.viber.com subdomain. The tampered page also included a large image purporting to show the IP addresses, e-mail addresses, and other details belonging to people who had accessed the company's servers. A little while later, the defacement was replaced with a simple "403 Forbidden" error message. At publication time, the helpme.viber.com page carried the same message.

Viber officials have yet to publicly acknowledge the breach or inform the company's user base, reportedly 200 million strong, of the effects the hack had on the privacy of their personal information.

It appears most of the entries on the SEA's long list of exploits are the result of phishing and similar social-engineering attacks. The simple technique has proven surprisingly successful, possibly because it's used against large organizations that often have multiple employees, frequently in geographically dispersed areas, accessing the same Twitter or administrative account. All the SEA hackers need is for one of them to fall for the ruse.

Promoted Comments

Yesterday, the Viber Support site was defaced after a Viber employee unfortunately fell victim to an email phishing attack. The phishing attack allowed access to two minor systems: a customer support panel and a support administration system. Information from one of these systems was posted on the defaced page.

It is very important to emphasize that no sensitive user data was exposed and that Viber's databases were not "hacked". Sensitive, private user information is kept in a secure system that cannot be accessed through this type of attack and is not part of our support system.

We take this incident very seriously and we are working right now to return the support site to full service for our users. Additionally, we want to assure all of our users that we are reviewing all of our policies to make sure that no such incident is repeated in the future.

If you have any more questions/doubts, please feel free to let us know.

My name is Jamie from Kayako, the people behind Viber's helpdesk. We've got this statement to share, for those interested:

Quote:

The security of our customers' helpdesks and data is our highest priority. As Viber said in their statement, this looks to be an isolated compromise of an individual's account. Even so, we have taken the precautionary measure of auditing our systems. At this time we have no reason to believe that any other Kayako system or customer has been affected and we will continue to monitor the situation.

We're sorry to hear what happened over at Viber and we are working closely with them to make sure everything gets back to normality and to prevent this from happening in the future.

The software is a nightmare in terms of security and a lot of companies actually use it. Their version 4 is half baked and has many sloppy mistakes.

Our customers tend not to have issues with security; I think it is unfair to say that Kayako is a security nightmare.

In terms of application vulnerability, in the lifetime of Kayako 4, we've only ever had to release two security advisories (our most recent one was last week). We've got a robust and transparent vulnerability policy.

17 Reader Comments

I can understand doing some online civil disobedience for a good cause, but all this vandalism as a means of sticking up for Bashar al-Assad is not a good cause. The guy ordered his military to murder their own citizens as punishment for protesting. It's his own fault that his country's in a civil war right now. And this Syrian electronic army is obviously a bunch of dirtbags.

It's cute when people buy into the western narrative that somehow the Free Syrian Army is a group of freedom fighters fighting the oppressive Assad regime. Assad still enjoys wide support in many places in Syria, and the only reason why it's even a civil war in the first place is because of the West's support of the rebels.

This isn't 'civil disobedience', this is 'legal' in the country where the 'army' appears to reside, according to those currently in power; in fact it might even be state sponsored.

I never said that the rebels are a bunch of angels. But as I recall, Assad was cracking down on anti-government protests by firing live ammunition into the crowds; therefore the civil war is his fault, IMO.

Not impressed after seeing they use Kayako helpdesk, their version 4 was released as half baked and it's a Swiss cheese with bugs that even go years back....

Kayako is not hard to hack; you can even browse the cache folder of most installs, because even if an admin created an index file there to avoid public browsing, the software magically decides to clean the cache from time to time and actually erases all files, including that index, and they don't even give instructions to secure this with .htaccess either, because I assume they are not even aware of this issue.

The software is a nightmare in terms of security and a lot of companies actually use it. Their version 4 is half baked and has many sloppy mistakes.

My point is that this was probably done by kids, based on the security email they sent a few days ago. Also this is another one of these stupid software companies that think it's a great idea to put "Powered by Kayako" in their customers' software.

All kids need to do is search on Google for non-patched installations. It's amazing how many software companies think it's a good idea to post this or even version numbers like vBulletin does.

Gaddafi was found hiding in a drainage ditch. He was dragged out, viciously beaten, anally raped with a bayonet (no, really) and shot in the stomach and presented on the hood of a pickup truck like a buck deer. He died slowly.

That is going to look like mercy killing in comparison to what they'll do to Assad unless he runs. Frankly the man is a dumbass. He had billions in foreign accounts. He should have fled with his money. World powers would have probably guaranteed his exile in another country in exchange for leaving Syria. Now he's fucked.

Careful with the backtrack there. But yeah, rest assured, there's plenty of blood and fault on both sides. Neither has the moral high ground. That's objective fact.

People have been saying that for over two years now and such statements are starting to ring as hollow as Dick Cheney's assertion that the Iraqi insurgency was in its death throes.

Libyan rebels were backed by NATO warplanes enforcing a no-fly zone imposed by the UN. Syrians have no such protection, as such a resolution would never pass as long as China and Russia threaten to use their veto powers to shut down any attempt at passing such a resolution.

On top of that, even if a no-fly zone was established, it still runs the risk of having Iran enter the conflict. There was no such risk in Libya as Gadhafi was never taken seriously by the Arab world, and he never had any true allies in the region, instead turning his embrace to sub-Saharan Africa, who themselves weren't in any position to contest any resolution of a no-fly zone over Libya.

Gadhafi was overthrown in less than a year; the Syrian civil war has been going for over two years with no end in sight. Gadhafi had no friends; Assad has BFF's in Iran, Russia, China, and Hezbollah, plus his army isn't abandoning him in droves (and taking weapons with them) like Gadhafi's. In short, Syria is not Libya. If you think Assad is going to end his regime in the same humiliating fashion Gadhafi ended his, you're more deluded than Saddam's Information Minister.

The rebels in both cases are just as much animals as the ones they are fighting; they are beasts, not humans, and I'm amazed how NATO or any western country would support these mass murderers. They are going to be worse than the governments they take down because they are not better.

If NATO or any other country wants to bring peace, they should do the job by sending troops themselves instead of leaving the job to animals that are going to rape, kill and torture kids, women and anyone that crosses their path.

It's OK to try to take down these regimes to bring peace, but not if you leave this job to groups of people that are more violent and worse than the ones they are trying to take down.

We in the western world wonder why these regimes are so violent against rebels; well, because they are animals, they would rape and kill everyone if they could. This does not justify these regimes, but anyone that thinks these are freedom fighters must be out of his mind. They are terrorists, not rebels, putting bombs on streets and killing anyone that does not fight for their cause.